Octopus Cybercrime Community

Cameroon adopted a specific cybercrime and cybersecurity legislation, the Law N° 2010/012 of 21 December 2010 on cybersecurity and cybercrime. It includes criminal substantive rules, procedural rules as well as provisions on international cooperation. By Law N°. 2022/002 of April 27 2022 (available in English and French), the President of the Republic of Cameroon was authorised to proceed with Cameroon's accession to the Budapest Convention on Cybercrime. Decree N°. 2022/169 of May 23 2022 (available in English and French) then proclaimed accession to the Budapest Convention. This proclamation is without prejudice to the completion of the necessary procedures for accession set out under Article 37 of the Budapest Convention.

Cameroon has no specific data protection or privacy law. However, the Constitution of the Republic of Cameroon amended by the Law N° 96-06 of 18 January 1996 guarantees privacy of communications in its preamble. Moreover, the country is preparing a privacy bill that will contain provisions on collection, processing, transmitting, storage, and use of data.

The main legislative text regarding substantive law is Law N° 2010/012 of 21 December 2010 on cybersecurity and cybercrime in Cameroon.

Cybercrime offences and penalties are provided for in sections 60 to 89 of the Law. It includes the criminalisation of unlawful interception (section. 65 §1), illegal access (section 65 §2), system interference (sections 66 §1 and 67), misuse of device (e.g. section 66 §2, section 86 §1), data interference (sections71 and 72, 86 §2), computer-related fraud (section. 73 §1). Offences related to child pornography are also criminalised (sections 76, 80, 81), as well as grooming (sections 83).

Specific procedural measures are established mainly by Sections 52 to 59 of the Law N° 2010/012 of 21 December 2010. These provisions identify the law enforcement and judicial authorities having competence to investigate and prosecute cybercrime offences. It includes provisions on search and seizure of computer data (article 53 and following), as well as on the use of electronic communications for the hearing of any person in criminal proceedings (art. 59). Judicial police officers may intercept and record electronic data (art. 49), although no details are given on the type of data concerned.

The general framework on procedural measures in criminal matters is established by the Criminal Procedure Code of 2005 according to the Law N° 2005/007 of 27 July 2005 establishing the Criminal Procedure Code.

The Constitution of the Republic of Cameroon amended by the Law N° 96-06 of 18 January 1996 establishes a number of safeguards. The preamble affirms “Affirm our attachment to the fundamental freedoms enshrined in the Universal Declaration of Human Rights, the Charter of the United Nations and The African Charter on Human and Peoples' Rights, and all duly ratified international conventions relating thereto”, including “the home is inviolate. No search may be conducted except by virtue of the law”, “the privacy of all correspondence is inviolate. No interference may be allowed except by virtue of decisions emanating from the Judicial Power”, “no person may be prosecuted, arrested or detained except in the cases and according to the manner determined by law” and “the freedom of communication, of expression, of the press, […] shall be guaranteed under the conditions fixed by law”.

Section 1 of the Law N°2010/012 on Cybersecurity and Cybercrime states that it seeks to “protect basic human rights, in particular the right to human dignity, honour and respect of privacy, as well as the legitimate interests of corporate bodies”. In addition, Sections 41-48 cover ‘Protection of privacy’.

In addition, the general legal framework established by the Criminal Procedure Code of 2005, which was enacted by the Law N° 2005/007 of 27 July 2005, provides cross-cutting safeguards.

Legislative texts:

Law No 2000/011 of 19 December 2000 on Copyright and Neighbouring Rights (French version);

Law N° 2010/013 of 21 December 2010 on electronic communications in Cameroon and its amendment of April 2015 (the latter, in French only);

Law N° 2010/021 of 21 December 2010 on electronic commerce in Cameroon;

Law No 2011/012 of 06 May 2011 on Consumer protection in Cameroon (in French only);

Law No 2003/004 of 21 April 2003 on Banking Secrecy (in French only);

Decrees (in French only):

Decree n ° 2013/0398/pm of 27 February 2013 on the setting-up of a universal service and the development of electronic communications;

Decree n° 2013/0399/pm of 27 February 2013 on the modalities of the protection of consumers of services of electronic communications;

Decree n° 2013/0400/pm of 27 February 2013 on the modalities of declaration and authorisation, as well as the conditions to get of certification in view of the provision, export, import or use of means and services of cryptography;

Decree n° 2013/0401/pm of 27 February 2013 on the repartition of performance bonus regarding penalties ordered against telecom operators;

Decree n°2012/180 of 10 April 2012 on the organisation and functioning of the National Agency for Information and Communication Technologies (ANTIC);

Decree n°2012/1643/pm of 14 June 2012 on the conditions and modalities of security audit of electronic communications and information systems’ networks;

Decree n°2012/1640/pm of 14 June 2012 on the conditions of access to electronic communications networks open to the public and the sharing of infrastructures;

Decree n°2012/1638/pm of 14 June 2012 on the establishment and/or exploitation of networks and the provision of electronic communication services subject to an approval regime;

Decree n°/2012-1639/pm of 14 June 2012 on the conditions of declarations, as well as of exploitation, of networks and infrastructures subject to the declaration regime;

Decree n° 2012/203 of 20 April 2012 on the organisation and functioning of the telecom regulation agency;

Decree n° 2012/309 of 26 June 2012 on the modalities of management the special funds for electronic security activities.

More information and resources can be found on the ANTIC website, available in French and English (partially).

As a member state of the Central African Economic and Monetary Community ('CEMAC'), Cameroon applies the following legislation that contain provisions related to data protection:

Regulation No. 21/08-UEAC-13-CM-18 of 19 December 2008 on the Harmonisation of Regulations and Regulatory Policies on Electronic Communications in CEMAC Member States; (in French only);

Directive No. 07/08-UEAC-133-CM-18 of 19 December 19 2008 on the Legal Framework for the Protection of Users of Electronic Communications Networks and Services within CEMAC (in French only);

Directive No. 09/08-UEAC-133-CM-18 of 19 December 2008 Harmonising the Legal Frameworks of Electronic Communications in the CEMAC Member States (in French only);

Regulation No. 03/16-CEMAC-UMAC-CMAC-CM of 21 December 2016 on Systems, Means and Incidents of Payment (in French only);

Directive 02/19-UEAC-639-CM-18 of 08 April 2019 Harmonising the Protection of Consumers within CEMAC (in French only);

Regulation No 01/20/CEMAC/UMAC/COBAC of 03 July 2020 on the Protection of Consumers of Banking Products and Services in CEMAC (in French only).

Legal Framework

International cooperation in the fight against cybercrime is governed by Articles 90 to 94 of the Law n°2010/012 of 21 December 2010.

Cameroon is a Party to several international conventions on international cooperation, including the Economic Community of Central African States (ECCAS) Agreement on judicial cooperation (adopted on 28 January 2004), as well as several bilateral agreements (e.g. with France, adopted on 21 February 1974). Cameroon is also a Party to the United Nations Convention against Transnational Organized Crime (ratified on 6 February 2006), which encompasses provisions on international cooperation.

Extradition is regulated in the Criminal Procedural Code (Articles 635-675).

Competent authorities and channels

Unless provided otherwise by an international convention to which Cameroon is a Party, authorities and channels specified by art. 91 to 94 of the Law n°2010/012 apply:

• Outgoing requests for legal assistance are to be sent by the competent judicial authority to the Ministry of Foreign Affairs (‘Ministère chargé des Relations Extérieures’), who will transmit them to foreign authorities.
• Incoming requests for legal assistance are to be dealt with through diplomatic channels. They should be reviewed, in principle, by the foreign Government beforehand. Execution of the request is subject to art. 92-93 of the Law 2010/12 as well as general provisions of the Criminal Procedure Code.
• In case of emergency, the request may be directly transmitted to the competent authorities for their execution. Urgent incoming requests are directly dealt with by the Public Prosecutor and/or the investigatory judge, depending on the situation.

Cameroon’s CIRT participates to the activities of Africa CERT, an African forum of computer incident response teams.

The Delegate-General for National Security is the contact point for the INTERPOL network.